129e4b79dc6a6aa9d81050a1c9b145e0b28f221ddd2f113d792a86442a5afabc

Analysis

max time kernel
198s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

488f1bdc8226cc9a0c574e75e3b2610d.exe
Size

283KB
MD5

488f1bdc8226cc9a0c574e75e3b2610d
SHA1

5cfb846b5d34be10348e1b26ec71b2419a9bcf16
SHA256

129e4b79dc6a6aa9d81050a1c9b145e0b28f221ddd2f113d792a86442a5afabc
SHA512

eb9fde4a8c07df994bc9ffcf585d0b922b4ca219dc56773dfedf7b1908bf1dbd331118255dab2cda98ee30dcc233441cf1a418449e888d7ea072d7ecad530ecb
SSDEEP

6144:SUp/B8APOTBj5zzZVTB6JENPDXclQ9DK9mBaUZhDRPY8:SGO1Vz3TB6UTclQ9v9Y8

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000600000002322a-2.dat	acprotect
behavioral2/files/0x0008000000023217-68.dat	acprotect
behavioral2/files/0x000a000000023133-83.dat	acprotect

Loads dropped DLL 35 IoCs

pid	Process
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe
4092	488f1bdc8226cc9a0c574e75e3b2610d.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000600000002322a-2.dat	upx
behavioral2/memory/4092-3-0x0000000074C80000-0x0000000074CE9000-memory.dmp	upx
behavioral2/files/0x0008000000023217-68.dat	upx
behavioral2/memory/4092-18-0x0000000074C80000-0x0000000074CE9000-memory.dmp	upx
behavioral2/memory/4092-71-0x0000000074CD0000-0x0000000074CE7000-memory.dmp	upx
behavioral2/memory/4092-114-0x0000000074C80000-0x0000000074CE9000-memory.dmp	upx
behavioral2/memory/4092-113-0x0000000074CE0000-0x0000000074CEA000-memory.dmp	upx
behavioral2/memory/4092-112-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-90-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/files/0x000a000000023133-83.dat	upx
behavioral2/memory/4092-149-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-162-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-197-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-209-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-203-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx
behavioral2/memory/4092-242-0x0000000074A20000-0x0000000074A89000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\488f1bdc8226cc9a0c574e75e3b2610d.exe
"C:\Users\Admin\AppData\Local\Temp\488f1bdc8226cc9a0c574e75e3b2610d.exe"
1⤵
- Loads dropped DLL
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi99BB.tmp\extra.dll

Filesize
177KB

MD5
ddc0cd4c52586a7d90e498a660f4c771

SHA1
493f0f3d65018a7e659bef143665f495ad9251ed

SHA256
2df15d16e5b37de207c58f86770e82b1bbc21788c9560f34450acb48a9c5c208

SHA512
3e2f8cce4a9469cd94472ffa96217d6279cea2326c738460aa5d111b9b1036a728cccd47fab561d564b26a8187f4fd527cc1d16070eb6f9fb0e296cd4b3a24cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi99BB.tmp\nsJSON.dll

Filesize
7KB

MD5
78b913fcd04259634a5e901c616e6074

SHA1
ad5e1c651851a1125bcad79b01ccdcfa45df4799

SHA256
e3ce60666bb88c2412615ef9f432ec24e219532dee5cc1c7aebc65ed9ec94d59

SHA512
cbe07179dd93011f3d9a8f83541961ff34fb83d96658ac82a433ef0aa3399b183eaec3e6a49ec1c1e478d1eada2d3ebc78ffb1ae0574984ae66a7a9cab5d59e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi99BB.tmp\sign.dll

Filesize
32KB

MD5
d30b6c8d2f38e6abbb2f39bac0808bc0

SHA1
f1bca6416ae0f4c52e5b076381c72b18472954d8

SHA256
1f2b4549129c1b98c5674fe363a0267376dfd623323c5815216043dfa7fe1f2a

SHA512
3bf03d839ffa04c1d5eeb89a6405820ab2eea3548050e730255df7e84dfc729157c0d5c7eceeead5e8e1f4aa23777fe78a5582f0772c85bf0f793dd245a887e8

Download Submit
memory/4092-115-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-121-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-63-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-61-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-67-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-66-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-65-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-64-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-62-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-60-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-59-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-18-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-71-0x0000000074CD0000-0x0000000074CE7000-memory.dmp

Filesize
92KB

Download
memory/4092-114-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-113-0x0000000074CE0000-0x0000000074CEA000-memory.dmp

Filesize
40KB

Download
memory/4092-112-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-111-0x0000000074CD0000-0x0000000074CE7000-memory.dmp

Filesize
92KB

Download
memory/4092-90-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-58-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-3-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-39-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-135-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-116-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-145-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-144-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-146-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-148-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-151-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-150-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-149-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-147-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-143-0x0000000074C80000-0x0000000074CE9000-memory.dmp

Filesize
420KB

Download
memory/4092-162-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-183-0x0000000074CD0000-0x0000000074CE7000-memory.dmp

Filesize
92KB

Download
memory/4092-197-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-209-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-203-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-242-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-243-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-253-0x0000000074A20000-0x0000000074A89000-memory.dmp

Filesize
420KB

Download
memory/4092-254-0x0000000074CD0000-0x0000000074CD8000-memory.dmp

Filesize
32KB

Download